Learn how tampering threats work and how to mitigate them. Explore how attackers can tamper with a variety of systems and tools, from debuggers to cloud services.
Overview
Syllabus
Introduction
- Mitigate tampering threats
- Four-question framework
- Tampering as part of STRIDE
- Debuggers and input
- Libraries
- Mobile
- Tampering with local storage
- Permissions
- Effects of tampering
- Whose screw? Physical tampering matters
- Debug interfaces are exposed
- Time is increasingly important
- Controls and authentication
- Becoming Jane Admin
- Channels and messages
- Replay and reflection
- Headers: Injection and order
- Prevention and detection goals
- Crypto
- Something more privileged
- Next steps
Taught by
Adam Shostack